Skip to main content

Understanding and Combating Spoofing Fraud: An Essential Guide for Awareness

By: / 16 Apr 2024

It's your bank or credit union on the line asking for your account information - or is it? 

It is NOT. 

One Nevada Credit Union will never call, email, or text for personal information, so if you take the wrong next step, you could be the victim of a spoofing scam.  

Let's take a look at spoofing, how it works, and red flags that can alert you to a possible spoofing scam so you can avoid being the next victim. 

What is spoofing? 

Spoofing is the criminal act of disguising a communication from an unknown source to appear as if it's being sent from a trusted and known contact. The ultimate goal of spoofing is to get the target to share their sensitive information and/or their money with the scammer. For example, a spoofer may pretend to represent a victim's credit card company and lead them into sharing their account details.

Types of spoofing

Cybercriminals have a variety of ways to pull off their spoofing. Here are the more common forms: 

1. Email spoofing

In email spoofing, an attacker sends an email message that appears to be from a known or trusted source. The emails often include links to harmful websites or attachments that will infect the victim's device.

2. IP spoofing

In IP spoofing, an attacker tries to gain access to a system by sending messages via a bogus or spoofed ID address appearing to be from a recognized, trusted source, such as one on the same internal computer network. 

3. Caller ID spoofing

Here, attackers make a phone call to a target that appears to be from a known caller. The scammer will often pose as the victim's bank or credit union. The victim, believing they are speaking with a financial institution representative, will not hesitate to disclose their account information and passwords.

4. Facial spoofing

In this most recent form of spoofing, a scammer uses a photo or video of a target's face to simulate their facial biometrics. This enables them to unlock accounts that can only be opened by facial recognition.

5. Website spoofing

In website spoofing, a scammer creates a bogus site that looks just like a reputable site the victim frequents. Attackers lure victims to this site to steal their login credentials and personal info.

6. Text-message spoofing

In this scam, also known as smishing, a victim gets a text message on their mobile phone that appears to have been sent from a trusted source, such as the victim's financial institution, place of work, or doctor's office. 

7. Deepfakes and Spoofing

Deepfakes is a relatively new and dangerous tool for spoofers. A deepfake is a fake image, video, or audio clip edited to appear authentic. New AI technology makes it easier for scammers to create and unleash these sophisticated scams on the masses. For example, a scammer may create a deepfake video using an image and audio recording of a celebrity to make it appear that they are telling you to open a link or support a specific cause. 

Protect yourself

Spoofing is a formidable danger for consumers across the economic spectrum, but with the right tools and knowledge, you can avoid falling victim to these scams. Here's how to protect yourself from a spoofing attack:

  • Turn on your email's spam filter and mark incoming suspicious emails as spam.
  • Use two-factor authentication and/or biometric logins when possible.
  • Use strong, unique passwords across all of your accounts.
  • Make sure your device's security system is at its strongest setting and uses the most updated patches. 
  • Never click on links or open attachments from an unverified source. 
  • Never share personal information online or over the phone with an unknown contact.
  • If you're allegedly contacted by your financial institution and asked to provide your login credentials or account details, don't respond. Contact your bank or credit union directly to ask about any possible issues with your account. 
  • Don't take phone calls at face value, even with caller ID. Hang up and call the phone number on the back of your bank card or your statements. 
  • Identify deepfakes by looking for small details. Zoom into the image or video and verify if the words and lip movements are in sync. Look for lip color that looks unnatural, unrealistic facial hair, exaggeratedly wrinkled or smooth skin, and non-existent moles. 

Red flags

Look out for these red flags that can alert you to a possible spoofing attack:

  • Websites with a URL similar to a reputable site's URL.
  • Websites riddled with typos, unusual syntax, and spelling errors.
  • An alleged bank or credit union rep asks you to call a number not associated with your financial institution.
  • You're asked to share your login credentials or account number with an unverified contact.
  • Familiar corporate branding, such as logos, colors and call-to-action buttons in messages requesting you take action that's out of the ordinary.

Use these tips and take control of your security. Stay alert and stay safe!

Find more readings

Leaving Site

You are leaving the One Nevada Credit Union website.

We cannot control the content of other internet sites. Links from our website(s) are intended to serve as a benefit to our members and are offered on an as is basis. We are not responsible for the accuracy, security, or content of site links. We encourage our members to view privacy and security disclosures on all websites they visit.